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(57) Abstract 



An enhanced digital camera includes a non-volatile memory in which is stored a security value used to produce digital signatures for 
photographs. A processor within the enhanced digital camera processes a photograph by hashing digital data for the photograph to produce 
a hash digest. The processor then performs a digital signature function using the security value in order to produce a digital signature for 
the photograph. 
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AUTHENTICATION AND VERIFICATION WITHIN A DIGITAL 

CAMERA ARCHITECTURE 

TECHNICAL FIELD 

The present invention concerns digital cameras and pertains 

particularly to authentication and verification within a digital camera 

architecture. 



BACKGROUND 

10 As digital cameras become a widely used consumer item, there is a 

likelihood that photographs taken by digital cameras will increasingly be 
used for applications such as insurance claims and law enforcement. 
However, unlike previous photographic cameras, digital photography 
presents even the novice photographic enthusiast, using a standard 

15 personal computer, the means to "doctor" or manipulate photographs 

without detection. This is because digital cameras allow for photographs to 
be manipulated, modified and edited without degradation to the quality of the 
photograph. Consequently detection of such manipulations are not possible. 
This could present the opportunity for an unscrupulous individual to utilize 

20 digital photography to perform insurance fraud or to tamper with evidence 
used in a court of law. 

SUMMARY OF THE INVENTION 
In accordance with the preferred embodiment of the present 
25 invention, an enhanced digital camera includes a non-volatile memory in 
which is stored a security value used to produce digital signatures for 
photographs. A processor within the enhanced digital camera processes a 
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photograph by hashing digital data for the photograph to produce a hash 
digest. The processor then performs a digital signature function on the 
hash digest using the security value in order to produce a digital signature 
for the photograph. 

In the preferred embodiment, the processor hashes a serial number 
for the camera and a date and time stamp along with the digital data for the 
photograph to produce the hash digest. The security value is, for example, a 
unique private key that is part of a private/public key pair. To increase 
security of the private key the non-volatile memory and the processor are 
within a secure integrated circuit and the processor generates the 
private/public key pair. The non-volatile memory is, for example, a one-time 
programmable memory. The public key is, for example, stored in a third 
party database and may be accessed (using the serial number for the 
enhanced digital camera) when it is necessary to authenticate a photograph 
taken by the enhanced digital camera. 

The digital signature is stored with the digital data for the 
photograph. In order to authenticate the photograph, digital data for the 
photograph is hashed to produce a computed hash digest. For example, the 
serial number for the camera and the date and time stamp are hashed along 
with the digital data for the photograph. The public key for the enhanced 
digital camera is used to perform a digital signature function on the digital 
signature for the photograph in order to produce an extracted hash digest. 
The computed hash digest is compared with the extracted hash digest to 
determine whether the photograph is authentic and unaltered. 
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The authentication and integrity verification utilized by the enhanced 
digital camera architecture of the present invention provides the necessary 
functionality to authenticate photographs and to detect alterations. 



5 BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a simplified block diagram of a digital camera architecture 
that incorporates authentication and verification in accordance with a 
preferred embodiment of the present invention. 

Figure 2 illustrates an authentication and verification process within 
10 a digital camera in accordance with a preferred embodiment of the present 
invention. 

Figure 3 illustrates a detection process used to detect modification of a 
digital picture and/or digital signature in accordance with a preferred 
embodiment of the present invention. 

15 

DISCLOSURE OF THE INVENTION 
Figure 1 is a simplified block diagram of the architecture of an 
enhanced digital camera 10 that incorporates authentication and 
verification in order to provide the necessary functionality to protect digital 

20 photographic data from alterations. Digital camera 10, for example, can 

operate in an authentication and integrity verification (AIV) mode or in non- 
AIV mode. In AIV mode, enhanced digital camera 10 architecture 
authenticates and digitally signs each photograph as a picture is taken. 
This allows for detection of tampering with the original photograph. A hash 

25 function is used to protect the integrity of the original digital image and a 
digital signature function is used to protect the authenticity of the image. 
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The solution will not prevent tampering, rather it allows for detection of the 
tampering. 

Enhanced digital camera 10 includes the typical functional blocks 
normally included within a digital camera. For example, enhanced digital 
5 camera 10 includes an image processor 11 and a memory module for storing 
pictures that have been taken. 

A secure camera integrated circuit 12 contains other functional blocks 
of enhanced digital camera 10. These functional blocks are contained in a 
single integrated circuit, not only to reduce manufacturing cost, but also to 
10 provide a necessary level of security that does not allow a private key 

component to ever be exposed outside secure camera integrated circuit 12. 

The functional components included within secure camera integrated 
circuit 12 are an analog- to-digital (A/D) converter block 21, a digital signal 
processing block 23, random access memory (RAM) 24, read-only memory 
15 (ROM) 25 and a memory module interface 27. 

In addition, secure camera integrated circuit 12 includes a one-time 
programmable (OTP) memory 26. One-time programmable memory 26 is a 
secure memory that stores the security value of the digital camera. 
Alternative to a one-time programmable memory, memory 26 could be 
20 manufactured from flash memory, programmable read-only memory 

(PROM), EEPROM, or any other memory that can permanently and securely 
store the security value of enhanced digital camera 10. 

The security value of enhanced digital camera 10 is, for example, a 
unique public/private key pair. Alternatively, the security value of the 
25 digital camera is any unique security value that can be used to produce a 
digital signature. 
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For example, microprocessor 23 generates a public/private key pair at 
the time of manufacture of enhanced digital camera 10. Microprocessor 23 
programs the generated public/private key pair into OTP memory 26. The 
public key component of the public/private key is then sent out of secure 
5 camera integrated circuit 12 and enhanced digital camera 10. The public 
key is then recorded, along with the serial number, for example, by a secure 
third party (Certificate Authority), for purposes of later authenticating and 
verifying the integrity of a photograph. For example, the secure third party 
could be a company that is in the business of issuing digital certificates for 

10 individuals and corporations. 

Figure 2 illustrates an authentication and verification process that is 
utilized by enhanced digital camera 10 in accordance with a preferred 
embodiment of the present invention. When a photograph is snapped, the 
resulting digital data 31 is stored in RAM 24. A date and time stamp 41, 

15 generated by a real-time clock 32, is prepended to digital data 31. Also 
prepended to digital data 31 is a camera serial number 42 of enhanced 
digital camera 10. A hash function 34 is used to hash together digital data 
31, date and time stamp 41 and camera serial number 42 in order to 
generate a hash digest 35. A digital signature function 37 digitally signs 

20 hash digest 35 with a unique private key 36 to produce a digital signature 44. 
Unique private key 37 is a private key which is used only for enhanced digital 
camera 10. Digital signature 44 is appended to digital data 31. The entire 
structure for the photograph, including data/time stamp 41, camera serial 
number 42, digital data 31 and digital signature 44, is stored in memory 

25 module 13. 
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The stored structure for the photograph allows the photograph to be 
authenticated. In effect, a digital fingerprint of the photograph has been 
created as the photograph is taken. This allows any changes to the picture 
to be detected. 

5 The preferred embodiment of the present invention resists attack by 

those trying to circumvent the protection system. The two most obvious ways 
to attack the protection system would be to modify the photograph (digital 
data 31) and return it to memory module 13 or to modify the photograph 
(digital data 31) and digital signature 44, so the two match, and return the 
10 result to memory module 13. Either of these attacks, however, can be 
protected utilizing the preferred embodiment of the present invention. 

Figure 3 illustrates a detection process used to detect when the 
photograph (digital data 31) has been modified and returned to memory 
module 13 or when the photograph (digital data 31) and digital signature 44 
15 have both been modified and then returned to memory module 13. 

A secure database 60 is used to store public keys for enhanced digital 
cameras. For example, database 60 is a third party database used to archive 
the camera serial numbers and associated public keys. As show in Figure 
3, each of representative entries 61, 62, 63 and 64 includes a camera serial 
20 number and an associated public key. 

In order to detect whether a digital data 53 within a structure 50 has 
been modified, a hash function 71 is used to hash together digital data 53, a 
date and time stamp 51 and a camera serial number 52 in order to generate 
a computed hash digest 72. Camera serial number 52 is used to access from 
25 database 60 a unique public key 73 for the enhanced digital camera. A 

digital signature function 74 uses unique public key 73 to extract from digital 
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signature 50 an extracted hash digest 75. A compare function 76 compares 
computed hash digest 72 with extracted hash digest 75 and an output 77 
indicates whether there is a match (i.e., the photograph is authentic and 
unaltered) or there is not a match (i.e., the photograph is not authentic or 
has been altered). 

The detection process in Figure 3 detects both the case where a 
photograph has been modified and returned to a memory module and the 
case where a photograph and digital signature have been modified and both 
returned to memory module 13. Modifying the photograph (but not the 
signature) and returning it to the memory module would result in a 
mismatch of the hash value of the new picture and the hash value stored in 
the signature. Modifying both the photograph and the signature would also 
result in a mismatch of the computed hash value and the hash value stored 
in the signature. Even though the hash value stored in the signature was 
properly computed, unless the hash value is signed with the correct private 
key, it will be detected as an altered photograph. Thus, someone attempting 
to sign a photograph with a non-registered public/private key pair could be 
detected. 

While the present invention provides significant protection, there are 
possible ways an attempt could be made to circumvent the protection system. 
For example, an attempt could be made to extract the private key from a 
registered camera via a physical attack. The extracted private key could 
then be used to sign the hash value of a modified photograph. In the event 
this type of tampering is suspected, it may be necessary to examine the 
enhanced digital camera for signs of tampering to determine whether a 
physical attack has occurred. Also precautions can be taken when 
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designing secure camera IC 12 to assure that the private key would be very 
difficult to access by an attacker. The strength and integrity of the system is 
predicated on the ability to store data (i.e., a private key) internal to the 
camera in a secure manner. The most effective way to do this, as described 
above, is to utilize a one-time programmable memory that is fully integrated 
into a single chip architecture in the enhanced digital camera. In this way, 
it is never necessary for the private key information to be sent outside the 
secure integrated circuit and increasing the ability to protect the integrity of 
photographs. 

Another potential attack on the integrity of the system would be for an 
attacker to access database 60 in order to insert a bogus public key. 
Photographs could then be "authenticated" with a bogus private key related 
to the bogus public key. However, inserting a bogus public key into a 
secured, third-party database could be difficult to achieve without detection. 
Databases used for securing digital signatures are typically digitally signed 
by the third party, adding an additional layer of security. Providing similar 
safeguards for database 60 would provide significant protection to the 
embodiments of the present invention. 

The foregoing discussion discloses and describes merely exemplary 
methods and embodiments of the present invention. As will be understood 
by those familiar with the art, the invention may be embodied in other 
specific forms without departing from the spirit or essential characteristics 
thereof. Accordingly, the disclosure of the present invention is intended to 
be illustrative, but not limiting, of the scope of the invention, which is set 
forth in the following claims. 
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CLAIMS 

We Claim: 

1 1. A method for protecting a photograph taken by a digital camera 

2 comprising the following steps: 

3 (a) hashing digital data for the photograph to produce a hash digest; 

4 and, 

5 (b) performing a digital signature function on the hash digest using a 

6 security value in order to produce a digital signature for the photograph. 

1 2. A method as in claim 1 additionally comprising the following step: 

2 (c) storing the digital signature with the digital data for the 

3 photograph. 

1 3. A method as in claim 1 wherein step (a) includes hashing a serial 

2 number for the camera along with the digital data for the photograph to 

3 produce the hash digest. 

1 4. A method as in claim 1 wherein step (a) includes hashing a serial 

2 number for the camera and a date and time stamp along with the digital 

3 data for the photograph to produce the hash digest. 

1 5. A method as in claim 1 wherein in step (b) the security value is a 

2 unique private key which is part of a private/public key pair. 

1 6. A method as in claim 1 wherein step (a) and step (b) are both 

2 performed within a secure integrated circuit. 
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1 7. A method for authenticating a photograph taken by a digital 

2 camera comprising the following steps: 

3 (a) hashing digital data for the photograph to produce a computed 

4 hash digest; 

5 (b) accessing a security value for the digital camera; 

6 (c) using the security value for the digital camera to perform a digital 

7 signature function on a digital signature for the photograph in order to 

8 produce an extracted hash digest; and, 

9 (d) comparing the computed hash digest with the extracted hash 
10 digest to determine whether the photograph is authentic. 

1 8. A method as in claim 7 wherein in step (c) the digital signature is 

2 stored with digital data for the photograph. 

1 9. A method as in claim 7 wherein step (a) includes hashing a serial 

2 number for the camera along with the digital data for the photograph to 

3 produce the computed hash digest. 

1 10. A method as in claim 7 wherein step (a) includes hashing a serial 

2 number for the camera and a date and time stamp along with the digital 

3 data for the photograph to produce the computed hash digest. 

1 11. A method as in claim 7 wherein in step (b) the security value is a 

2 public key which is part of a private/public key pair. 
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12. An enhanced digital camera, comprising: 

a non-volatile memory in which is stored a security value used to 
produce digital signatures for photographs; and, 

a processor, the processor processing a photograph by hashing digital 
data for the photograph to produce a hash digest and the processor 
performing a digital signature function on the hash digest using the 
security value in order to produce a digital signature for the photograph. 

13. An enhanced digital camera as in claim 12 wherein the processor 
stores the digital signature with the digital data for the photograph. 

14. An enhanced digital camera as in claim 12 wherein when the 
processor hashes the digital data for the photograph, the processor hashes a 
serial number for the camera along with the digital data for the photograph 
to produce the hash digest. 

15. An enhanced digital camera as in claim 12 wherein when the 
processor hashes the digital data for the photograph, the processor hashes a 
serial number for the camera and a date and time stamp along with the 
digital data for the photograph to produce the hash digest. 

16. An enhanced digital camera as in claim 12 wherein the security 
value is a unique private key which is part of a private/public key pair. 

17. An enhanced digital camera as in claim 12 wherein the non- 
volatile memory and the processor are within a secure integrated circuit. 
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1 18. An enhanced digital camera as in claim 12 wherein the non- 

2 volatile memory is a one-time programmable memory. 

1 19. An enhanced digital camera as in claim 12 wherein the processor 

2 generates the security value. 

1 20. An enhanced digital camera as in claim 12 wherein the security 

2 value is a unique private key which is part of a private/public key pair which 

3 is generated by the processor. 
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